Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance, allowing unauthenticated attackers to steal admin credentials remotely.
Fraser Hess of Pinnacol Assurance found the flaw in the key-based SSH authentication mechanism of Cisco Umbrella VA. Cisco Umbrella, a cloud-delivered security service used by over 24,000 organizations as DNS‑layer security against phishing, malware, and ransomware attacks, uses these on-premise virtual machines as conditional DNS forwarders that record, encrypt, and authenticate DNS data.
“This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA,” Cisco explained.
Luckily, Cisco says that the SSH service is not enabled by default on Umbrella on-premise virtual machines, significantly lowering the vulnerability’s overall impact.
In November, Cisco also fixed a similar critical severity bug caused by default SSH keys in the key-based SSH authentication mechanism of Cisco Policy Suite, which could let unauthenticated and remote attackers log into affected systems as the root user.
The same day, the company also addressed a second critical flaw linked to hard-coded credentials in the Telnet service of Cisco Catalyst PON Series Switches ONT that allows unauthenticated attackers to log in remotely using a debugging account with a default password.